Microsoft to release fix for Windows Shortcut flaw on Monday

Microsoft will be releasing an out-of-band update for the Windows Shortcut …

Microsoft has announced plans to release of an out-of-band update on Monday to address the Windows Shortcut flaw revealed less than two weeks ago. The software giant has been keeping a close watch on the use of .LNK files exploiting the vulnerability and has concluded that it needs to act faster than usual.

Microsoft typically releases security patches on the second Tuesday of each month, with the next slated for August 10. Redmond is releasing this fix eight days early, at approximately 1PM EDT Monday. All currently supported versions of Windows are vulnerable, including Windows 7, so the majority of Windows users should be receiving this patch.

There have been multiple malware families that have picked up the .LNK attack vector, including a highly virulent strain named Sality.AT. Not only is Sality a very large family, but it is known to infect other files (making full removal after infection challenging), copy itself to removable media, disable security, and then download other malware. Microsoft has seen an increase in attack attempts as well as a change in the geolocation of the attack attempts across the systems it protects. In short, this new attack vector is becoming more widespread. The security team at the company believes more families will continue to pick up the technique, leading it to get the patch out as soon as possible.